OpenDNSSEC-signer 1.3.0rc3
/build/buildd2-opendnssec_1.3.0~rc3-1-mips-lpJjcT/opendnssec-1.3.0~rc3/signer/src/shared/hsm.c
Go to the documentation of this file.
00001 /*
00002  * $Id: hsm.c 5227 2011-06-12 08:51:24Z jakob $
00003  *
00004  * Copyright (c) 2009 NLNet Labs. All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that the following conditions
00008  * are met:
00009  * 1. Redistributions of source code must retain the above copyright
00010  *    notice, this list of conditions and the following disclaimer.
00011  * 2. Redistributions in binary form must reproduce the above copyright
00012  *    notice, this list of conditions and the following disclaimer in the
00013  *    documentation and/or other materials provided with the distribution.
00014  *
00015  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
00016  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00017  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00018  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
00019  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00020  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
00021  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00022  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
00023  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
00024  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
00025  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00026  *
00027  */
00028 
00034 #include "shared/hsm.h"
00035 #include "shared/log.h"
00036 
00037 static const char* hsm_str = "hsm";
00038 
00039 
00044 ods_status
00045 lhsm_get_key(hsm_ctx_t* ctx, ldns_rdf* owner, key_type* key_id)
00046 {
00047     char *error = NULL;
00048 
00049     if (!owner || !key_id) {
00050         ods_log_error("[%s] unable to get key: missing required elements",
00051             hsm_str);
00052         return ODS_STATUS_ASSERT_ERR;
00053     }
00054     ods_log_assert(owner);
00055     ods_log_assert(key_id);
00056 
00057     /* set parameters */
00058     if (!key_id->params) {
00059         key_id->params = hsm_sign_params_new();
00060         if (key_id->params) {
00061             key_id->params->owner = ldns_rdf_clone(owner);
00062             key_id->params->algorithm = key_id->algorithm;
00063             key_id->params->flags = key_id->flags;
00064         } else {
00065             /* could not create params */
00066             error = hsm_get_error(ctx);
00067             if (error) {
00068                 ods_log_error("[%s] %s", hsm_str, error);
00069                 free((void*)error);
00070             }
00071             ods_log_error("[%s] unable to get key: create params for key %s "
00072                 "failed", hsm_str, key_id->locator?key_id->locator:"(null)");
00073             return ODS_STATUS_ERR;
00074         }
00075     }
00076 
00077     /* lookup key */
00078     if (!key_id->hsmkey) {
00079         key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
00080     }
00081     if (!key_id->hsmkey) {
00082         error = hsm_get_error(ctx);
00083         if (error) {
00084             ods_log_error("[%s] %s", hsm_str, error);
00085             free((void*)error);
00086         }
00087         /* could not find key */
00088         ods_log_error("[%s] unable to get key: key %s not found", hsm_str,
00089             key_id->locator?key_id->locator:"(null)");
00090         return ODS_STATUS_ERR;
00091     }
00092 
00093     /* get dnskey */
00094     if (!key_id->dnskey) {
00095         key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
00096     }
00097     if (!key_id->dnskey) {
00098         error = hsm_get_error(ctx);
00099         if (error) {
00100             ods_log_error("[%s] %s", hsm_str, error);
00101             free((void*)error);
00102         }
00103         ods_log_error("[%s] unable to get key: hsm failed to create dnskey",
00104             hsm_str);
00105         return ODS_STATUS_ERR;
00106     }
00107     key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
00108     return ODS_STATUS_OK;
00109 }
00110 
00115 ldns_rr*
00116 lhsm_sign(hsm_ctx_t* ctx, ldns_rr_list* rrset, key_type* key_id,
00117     ldns_rdf* owner, time_t inception, time_t expiration)
00118 {
00119     ods_status status = ODS_STATUS_OK;
00120     char* error = NULL;
00121     ldns_rr* result = NULL;
00122 
00123     if (!owner || !key_id || !rrset || !inception || !expiration) {
00124         ods_log_error("[%s] unable to sign: missing required elements",
00125             hsm_str);
00126         return NULL;
00127     }
00128     ods_log_assert(owner);
00129     ods_log_assert(key_id);
00130     ods_log_assert(rrset);
00131     ods_log_assert(inception);
00132     ods_log_assert(expiration);
00133 
00134     if (!key_id->dnskey) {
00135         status = lhsm_get_key(ctx, owner, key_id);
00136         if (status != ODS_STATUS_OK) {
00137             error = hsm_get_error(ctx);
00138             if (error) {
00139                 ods_log_error("[%s] %s", hsm_str, error);
00140                 free((void*)error);
00141             }
00142             ods_log_error("[%s] unable to sign: get key failed", hsm_str);
00143             return NULL;
00144         }
00145     }
00146     ods_log_assert(key_id->dnskey);
00147     ods_log_assert(key_id->hsmkey);
00148     ods_log_assert(key_id->params);
00149 
00150     key_id->params->inception = inception;
00151     key_id->params->expiration = expiration;
00152     if (!key_id->params->keytag) {
00153         key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
00154     }
00155 
00156     ods_log_debug("[%s] sign RRset[%i] with key %s tag %u", hsm_str,
00157         ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
00158         key_id->locator?key_id->locator:"(null)", key_id->params->keytag);
00159 
00160     result = hsm_sign_rrset(ctx, rrset, key_id->hsmkey, key_id->params);
00161     if (!result) {
00162         error = hsm_get_error(ctx);
00163         if (error) {
00164             ods_log_error("[%s] %s", hsm_str, error);
00165             free((void*)error);
00166         }
00167     }
00168 
00169     return result;
00170 }